WANFailover Dual WAN Failover Script

[Ranger802004]

Thank you very much. I created the link for 7 days.

Your link doesn't work for me, is it hosted somewhere like Russia or China? I am using Skynet for Geo blocking.

 

[lbtboy]

Your link doesn't work for me, is it hosted somewhere like Russia or China? I am using Skynet for Geo blocking.

I also use Skynet, but this is not a reason to isolate myself from the whole world)))

 

[Ranger802004]

I also use Skynet, but this is not a reason to isolate myself from the whole world)))

For me it's more for work purposes than personal reasons and I work from home.

 

[SomeWhereOverTheRainBow]

It looks like AdGuard may be deleting the IP Rules or routes needed for failover to work? I’m not familiar with the tool but I do see where every time it goes back to WAN Status check it is having to recreate them and starts working again.

Do you mind taking a look at my script and tell me what I am doing to delete the routes as you have suggested?

Asuswrt-Merlin-AdGuardHome-Installer/AdGuardHome.sh at master · jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

The Official Installer of AdGuardHome for Asuswrt-Merlin - jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

github.com

 

[Ranger802004]

Do you mind taking a look at my script and tell me what I am doing to delete the routes as you have suggested?

Asuswrt-Merlin-AdGuardHome-Installer/AdGuardHome.sh at master · jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

The Official Installer of AdGuardHome for Asuswrt-Merlin - jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

github.com

Nothing as far as routes that I can see but I do see where our scripts may be conflicting over resolv.conf file. Maybe we can collaborate to make them work together better?

 

[SomeWhereOverTheRainBow]

Nothing as far as routes that I can see but I do see where our scripts may be conflicting over resolv.conf file. Maybe we can collaborate to make them work together better?

From what I can tell you is, my script completely high jacks port 53. So instead of dnsmasq residing on port 53, Adguardhome does when adguardhome is running and dnsmasq is moved to port 553. This is all so adguardhome can directly identify the clients that use it. which would explain why he needs to stop adguardhome directly so your script will switch back to the primary wan.

 

[Ranger802004]

From what I can tell you is, my script completely high jacks port 53. So instead of dnsmasq residing on port 53, Adguardhome does when adguardhome is running and dnsmasq is moved to port 553. This is all so adguardhome can directly identify the clients that use it. which would explain why he needs to stop adguardhome directly so your script will switch back to the primary wan.

Yes I'm aware, that's why I'm saying let's collaborate so we can resolve the conflict. I really just need some good indicators that AdGuard is active running to tell my script not to touch DNS / resolv.conf and that way your script continues to manage it.

 

[SomeWhereOverTheRainBow]

Yes I'm aware, that's why I'm saying let's collaborate so we can resolve the conflict. I really just need some good indicators that AdGuard is active running to tell my script not to touch DNS / resolv.conf and that way your script continues to manage it.

pidof adguardhome

it generates a number.

a conditional argument like

if [ -z "$(pidof AdGuardHome)" ] && [ ! -d "/opt/etc/AdGuardHome" ]; then service restart_dnsmasq; else service restart_AdGuardHome; fi

this should resolve any issues.

 

[Ranger802004]

pidof adguardhome

it generates a number.

a conditional argument like

if [ -z "$(pidof AdGuardHome)" ] && [ ! -d "/opt/etc/AdGuardHome" ]; then service restart_dnsmasq; else service restart_AdGuardHome; fi

this should resolve any issues.

Yea I was coming up with a very similar command to yours while reading your code, I'm just going to tell it skip DNS "switching" if AdGuard is installed, dnsmasq restarts already during service restart function. Does AdGuard need to be restarted if WAN changes?

 

[SomeWhereOverTheRainBow]

Yea I was coming up with a very similar command to yours while reading your code, I'm just going to tell it skip DNS "switching" if AdGuard is installed, dnsmasq restarts already during service restart function. Does AdGuard need to be restarted if WAN changes?

Probably be best so it registers the appropriate interfaces, but tbh I am not too sure. I know sighup tells it to reconfigure all that stuff without actually restarting the service.

it is covered by

service reload_AdGuardHome

 

[Ranger802004]

Probably be best so it registers the appropriate interfaces, but tbh I am not too sure. I know sighup tells it to reconfigure all that stuff without actually restarting the service.

it is covered by

service reload_AdGuardHome

It's no big deal to add it to the service restart if necessary.

 

[Ranger802004]

v1.5.5-beta Release:
Manually upgrade to this beta by running the following command" ***Allow for cronjob to relaunch the script***

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.5-beta.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh kill

To revert back to Production Release:

/jffs/scripts/wan-failover.sh update

Release Notes:
v1.5.5-beta
- If AdGuard is running or AdGuard Local is enabled, Switch WAN function will not update the resolv.conf file. (Collaboration with SomeWhereOverTheRainBow)
- Optimized the way script loads configuration variables.
- Service restarts will dynamically check which services need to be restarted.
- Optimized Boot Delay Timer functionality and changed logging messages to clarify how the Boot Delay Timer effects the script startup.
- WAN Status will now check if a cable is unplugged.
- General optimization

 

[lbtboy]

v1.5.5-beta Release:
Manually upgrade to this beta by running the following command" ***Allow for cronjob to relaunch the script***

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.5-beta.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh kill

To revert back to Production Release:

/jffs/scripts/wan-failover.sh update

Release Notes:
v1.5.5-beta
- If AdGuard is running or AdGuard Local is enabled, Switch WAN function will not update the resolv.conf file. (Collaboration with SomeWhereOverTheRainBow)
- Optimized the way script loads configuration variables.
- Service restarts will dynamically check which services need to be restarted.
- Optimized Boot Delay Timer functionality and changed logging messages to clarify how the Boot Delay Timer effects the script startup.
- WAN Status will now check if a cable is unplugged.
- General optimization

It works correctly and perfectly with AdGuardHome installed in AMTM and running as a service. Thank you so much for the work done.

 

[Ranger802004]

v1.5.5-beta3 Release:
Manually upgrade to this beta by running the following command" ***Allow for cronjob to relaunch the script***

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.5-beta3.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh kill

To revert back to Production Release:

/jffs/scripts/wan-failover.sh update

***Highlight: Allows OpenVPN Clients to work in Load Balancing Mode by defaulting to WAN0 and failover to WAN1 if WAN0 fails***

Release Notes:
v1.5.5-beta3
- If AdGuard is running or AdGuard Local is enabled, Switch WAN function will not update the resolv.conf file. (Collaboration with SomeWhereOverTheRainbow)
- Optimized the way script loads configuration variables.
- Service restarts will dynamically check which services need to be restarted.
- Optimized Boot Delay Timer functionality and changed logging messages to clarify how the Boot Delay Timer effects the script startup.
- WAN Status will now check if a cable is unplugged.
- General optimization
- Resolved issues with Load Balancing Mode introduced in v1.5.4
- Enhancements to Load Balancing Mode
- When in Load Balancing Mode, OpenVPN Clients connection to remote address will default to WAN0 and failover to WAN1 if WAN0 fails and back to WAN0 when it is restored.

 

[Ranger802004]

v1.5.5-beta5 Release:
Manually upgrade to this beta by running the following command" ***Allow for cronjob to relaunch the script***

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.5-beta5.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh kill

To revert back to Production Release:

/jffs/scripts/wan-failover.sh update

***Highlight: While in Load Balancing Mode, OpenVPN Split Tunneling can be Disabled defaulting to WAN0 and failover to WAN1 if WAN0 fails***

Release Notes:
v1.5.5-beta5
- General optimization of script logic
- If AdGuard is running or AdGuard Local is enabled, Switch WAN function will not update the resolv.conf file. (Collaboration with SomeWhereOverTheRainbow)
- Optimized the way script loads configuration variables.
- Service restarts will dynamically check which services need to be restarted.
- Optimized Boot Delay Timer functionality and changed logging messages to clarify how the Boot Delay Timer effects the script startup.
- WAN Status will now check if a cable is unplugged.
- Resolved issues with Load Balancing Mode introduced in v1.5.4
- Enhancements to Load Balancing Mode
- When in Load Balancing Mode, OpenVPN Split Tunneling can be disabled where remote addresses will default to WAN0 and failover to WAN1 if WAN0 fails and back to WAN0 when it is restored. This can be changed in Configuration file using the Setting: OVPNSPLITTUNNEL (1 = Enabled / 0 = Disabled)
- Corrected issue with Cron Job creation.
- Corrected issues with IP Rules creation for Target IP Addresses.
- When in Load Balance Mode, script will create IPTables Mangle rules for marking packets if they are missing. This is to correct an issue with the firmware.
- Increased email skip delay to 180 seconds additional to Boot Delay Timer.
- Script will be Disabled with Entware ip-full package installed due to it deploying IP v4.4.0-10 while ASUS Merlin v386.7 firmware uses IP v5.11.0. Remediation is to remove Entware ip-full package.

 

[Smokey613]

I am still running 386.5_2, will this break the script on my system?

 

[Ranger802004]

I am still running 386.5_2, will this break the script on my system?

Do me a favor! Send me the output of this command

ip -V

 

[Smokey613]

ip utility, iproute2-5.11.0

 

[Ranger802004]

ip utility, iproute2-5.11.0

After collaborating with @SomeWhereOverTheRainBow I'm going to adjust this logic and just make sure the system binaries are taking precedence over optional binaries installed by like Entware. So I'm going to make some tweaks and publish another beta.

 

[Ranger802004]

I'm working on another iteration of this beta with some tweaks but I was testing around with Load Balancing Mode after getting all of the right pieces in place and I'm quite shocked it's working well. My WAN0 is 1Gbps bridged behind a service router and WAN1 is a 100Mbps Cable service. I never have gotten over about 940Mbps on my WAN0 (Packet Overhead).